Sentinel Chicken Networks  

RegLookup Project Goals

This project is driven by three goals, in order: simplicity of code, simplicity of use, and speed.

There isn't a lot of exciting development to be done on this package. I have branched it from editreg.c because I wanted something that was 100% read-only, and would be easy to use in scripts for forensic investigations. Making the code easy to understand is very important, in case it needs to be audited for correctness by a legal adversary. It should be simple to use from the command line, so both humans and scripts can easily benefit from its capabilities. Finally, since it is meant to be a building block for other programs, it should be reasonably fast.

The command line interface has mostly solidified, and I don't expect to be adding many additional features. Right now, adding documentation and making the core components easier to use by a wider audience are the big outstanding items.

Goals for future releases include:

  • More graceful parsing algorithms, to accommodate corrupted registries and possibly even registry fragments
  • Support for registry fragments gleaned from memory
  • Basic test scripts to test security issues related to malicious registry files
  • Integration of record recovery algorithms into regfi
